Item Search

NameAudit NamePluginCategory
ALMA-09-042370 - AlmaLinux OS 9 must protect against or limit the effects of denial-of-service (DoS) attacks by ensuring rate-limiting measures on impacted network interfaces are implemented.DISA CloudLinux AlmaLinux OS 9 STIG v1r2Unix

SYSTEM AND COMMUNICATIONS PROTECTION

ARST-L2-000050 - The Arista MLS switch must have Root Guard enabled on all switch ports connecting to access layer switches and hosts.DISA STIG Arista MLS EOS 4.2x L2S v2r1Arista

SYSTEM AND COMMUNICATIONS PROTECTION

ARST-L2-000070 - The Arista MLS switch must have STP Loop Guard enabled on all nondesignated STP switch ports.DISA STIG Arista MLS EOS 4.2x L2S v2r1Arista

SYSTEM AND COMMUNICATIONS PROTECTION

ARST-L2-000090 - The Arista MLS layer 2 switch must have DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources.DISA STIG Arista MLS EOS 4.2x L2S v2r1Arista

SYSTEM AND COMMUNICATIONS PROTECTION

ARST-L2-000110 - The Arista MLS layer 2 switch must have Dynamic Address Resolution Protocol (ARP) Inspection (DAI) enabled on all user VLANs.DISA STIG Arista MLS EOS 4.2x L2S v2r1Arista

SYSTEM AND COMMUNICATIONS PROTECTION

ARST-RT-000530 - The Arista router must be configured to have Internet Control Message Protocol (ICMP) unreachable notifications disabled on all external interfaces.DISA STIG Arista MLS EOS 4.2x Router v2r1Arista

SYSTEM AND COMMUNICATIONS PROTECTION

ARST-RT-000550 - The Arista router must be configured to have Internet Control Message Protocol (ICMP) redirects disabled on all external interfaces.DISA STIG Arista MLS EOS 4.2x Router v2r1Arista

SYSTEM AND COMMUNICATIONS PROTECTION

ARST-RT-000560 - The Arista BGP router must be configured to use the maximum prefixes feature to protect against route table flooding and prefix de-aggregation attacks.DISA STIG Arista MLS EOS 4.2x Router v2r1Arista

SYSTEM AND COMMUNICATIONS PROTECTION

CASA-ND-001180 - The Cisco ASA must be configured to protect against known types of denial-of-service (DoS) attacks by enabling the Threat Detection feature - DoS attacks by enabling the Threat Detection feature.DISA STIG Cisco ASA NDM v2r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

Configuring cookie encryption within the HTTP profileTenable F5 BIG-IP Best Practice AuditF5

SYSTEM AND COMMUNICATIONS PROTECTION

EX19-ED-000231 - The Exchange SMTP automated banner response must not reveal server details.DISA Microsoft Exchange 2019 Edge Server STIG v2r2Windows

SYSTEM AND COMMUNICATIONS PROTECTION

EX19-MB-000231 - Exchange must not send nondelivery reports to remote domains.DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2Windows

SYSTEM AND COMMUNICATIONS PROTECTION

EX19-MB-000233 - Exchange internal send connectors must use an authentication level.DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2Windows

SYSTEM AND COMMUNICATIONS PROTECTION

F5BI-DM-000290 - If the BIG-IP appliance is being used to authenticate users for web applications, the HTTPOnly flag must be set.DISA F5 BIG-IP Device Management STIG v2r4F5

SYSTEM AND COMMUNICATIONS PROTECTION

FGFW-ND-000290 - The FortiGate device must protect against known types of denial-of-service (DoS) attacks by employing organization-defined security safeguards.DISA Fortigate Firewall NDM STIG v1r4FortiGate

SYSTEM AND COMMUNICATIONS PROTECTION

JUEX-L2-000080 - The Juniper EX switch must be configured to enable Root Protection on STP switch ports connecting to access layer switches.DISA Juniper EX Series Layer 2 Switch v2r3Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUEX-L2-000120 - The Juniper EX switch must be configured to enable DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources.DISA Juniper EX Series Layer 2 Switch v2r3Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUEX-RT-000620 - The Juniper router must be configured to have Internet Control Message Protocol (ICMP) unreachable notifications disabled on all external interfaces.DISA Juniper EX Series Router v2r1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUEX-RT-000660 - The Juniper BGP router must be configured to limit the prefix size on any inbound route advertisement to /24 or the least significant prefixes issued to the customer.DISA Juniper EX Series Router v2r1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUEX-RT-000690 - The Juniper multicast Rendezvous Point (RP) must be configured to rate limit the number of Protocol Independent Multicast (PIM) Register messages.DISA Juniper EX Series Router v2r1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUEX-RT-000710 - The Juniper multicast Designated Router (DR) must be configured to increase the shortest-path tree (SPT) threshold or set it to infinity to minimalize source-group (S, G) state within the multicast topology where Any Source Multicast (ASM) is deployed.DISA Juniper EX Series Router v2r1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

Overview of the HTTP profileTenable F5 BIG-IP Best Practice AuditF5

SYSTEM AND COMMUNICATIONS PROTECTION

Preserving or modifying HTTP response headers removed by the BIG-IP ASM systemTenable F5 BIG-IP Best Practice AuditF5

SYSTEM AND COMMUNICATIONS PROTECTION

RHEL-08-040150 - A firewall must be able to protect against or limit the effects of Denial of Service (DoS) attacks by ensuring RHEL 8 can implement rate-limiting measures on impacted network interfaces.DISA Red Hat Enterprise Linux 8 STIG v2r3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

RHEL-09-251030 - RHEL 9 must protect against or limit the effects of denial-of-service (DoS) attacks by ensuring rate-limiting measures on impacted network interfaces are implemented.DISA Red Hat Enterprise Linux 9 STIG v2r4Unix

SYSTEM AND COMMUNICATIONS PROTECTION

SYMP-AG-000520 - Symantec ProxySG providing content filtering must protect against known and unknown types of denial-of-service (DoS) attacks by employing rate-based attack prevention behavior analysis.DISA Symantec ProxySG Benchmark ALG v1r3BlueCoat

SYSTEM AND COMMUNICATIONS PROTECTION

SYMP-AG-000530 - Symantec ProxySG must implement load balancing to limit the effects of known and unknown types of denial-of-service (DoS) attacks.DISA Symantec ProxySG Benchmark ALG v1r3BlueCoat

SYSTEM AND COMMUNICATIONS PROTECTION

SYMP-NM-000320 - Symantec ProxySG must enable Attack Detection.DISA Symantec ProxySG Benchmark NDM v1r2BlueCoat

SYSTEM AND COMMUNICATIONS PROTECTION

UBTU-20-010446 - The Ubuntu operating system must configure the uncomplicated firewall to rate-limit impacted network interfaces.DISA Canonical Ubuntu 20.04 LTS STIG v2r2Unix

SYSTEM AND COMMUNICATIONS PROTECTION

UBTU-22-251025 - Ubuntu 22.04 LTS must configure the Uncomplicated Firewall (ufw) to rate-limit impacted network interfaces.DISA Canonical Ubuntu 22.04 LTS STIG v2r4Unix

SYSTEM AND COMMUNICATIONS PROTECTION

UBTU-24-600200 - Ubuntu 24.04 LTS must configure the uncomplicated firewall to rate-limit impacted network interfaces.DISA Canonical Ubuntu 24.04 LTS STIG v1r1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

VCEM-67-000030 - ESX Agent Manager must disable the shutdown port.DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4Unix

SYSTEM AND COMMUNICATIONS PROTECTION

VCEM-70-000032 - ESX Agent Manager must disable the shutdown port.DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2Unix

SYSTEM AND COMMUNICATIONS PROTECTION

VCFL-67-000029 - vSphere Client must disable the shutdown port.DISA STIG VMware vSphere 6.7 Virgo Client v1r2Unix

SYSTEM AND COMMUNICATIONS PROTECTION

VCLU-70-000030 - Lookup Service must disable the shutdown port.DISA STIG VMware vSphere 7.0 Lookup Service v1r2Unix

SYSTEM AND COMMUNICATIONS PROTECTION

VCPF-67-000029 - Performance Charts must disable the shutdown port.DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

VCPF-70-000032 - Performance Charts must disable the shutdown port.DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

VCST-67-000029 - The Security Token Service must disable the shutdown port.DISA STIG VMware vSphere 6.7 STS Tomcat v1r3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

VCUI-67-000029 - vSphere UI must disable the shutdown port - vsphere-ui.jsonDISA STIG VMware vSphere 6.7 UI Tomcat v1r3Unix

SYSTEM AND COMMUNICATIONS PROTECTION

VCUI-70-000031 - vSphere UI must disable the shutdown port.DISA STIG VMware vSphere 7.0 vCA UI v1r2Unix

SYSTEM AND COMMUNICATIONS PROTECTION

WBSP-AS-001570 - The WebSphere Application Server high availability applications must be installed on a cluster.DISA IBM WebSphere Traditional 9 STIG v1r1 MiddlewareUnix

SYSTEM AND COMMUNICATIONS PROTECTION

WBSP-AS-001580 - The WebSphere Application Server memory session settings must be defined according to application load requirements.DISA IBM WebSphere Traditional 9 STIG v1r1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

WBSP-AS-001580 - The WebSphere Application Server memory session settings must be defined according to application load requirements.DISA IBM WebSphere Traditional 9 Windows STIG v1r1Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - ORBDISA IBM WebSphere Traditional 9 STIG v1r1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - server.startupDISA IBM WebSphere Traditional 9 STIG v1r1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - SIBFAPInboundDISA IBM WebSphere Traditional 9 STIG v1r1 MiddlewareUnix

SYSTEM AND COMMUNICATIONS PROTECTION

WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - TCPChannel.DCSDISA IBM WebSphere Traditional 9 STIG v1r1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - WebContainerDISA IBM WebSphere Traditional 9 STIG v1r1Unix

SYSTEM AND COMMUNICATIONS PROTECTION

WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - WebContainerDISA IBM WebSphere Traditional 9 STIG v1r1 MiddlewareUnix

SYSTEM AND COMMUNICATIONS PROTECTION

WN11-CC-000035 - The system must be configured to ignore NetBIOS name release requests except from WINS servers.DISA Microsoft Windows 11 STIG v2r3Windows

SYSTEM AND COMMUNICATIONS PROTECTION